[
https://issues.apache.org/jira/browse/CXF-7536?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16222475#comment-16222475
]
Colm O hEigeartaigh commented on CXF-7536:
------------------------------------------
The problem is that you have two SignedElements policies specified as
alternatives, so it will only select one (randomly). Instead just have all of
your XPath expressions in one SignedElements policy and it should work.
> STRTransform TransformException when manually adding SAML Assertion via
> SAMLCallback.setAssertionElement()
> ----------------------------------------------------------------------------------------------------------
>
> Key: CXF-7536
> URL: https://issues.apache.org/jira/browse/CXF-7536
> Project: CXF
> Issue Type: Bug
> Environment: Apache Tomcat 8.0.37
> Reporter: Russell Orf
> Assignee: Colm O hEigeartaigh
> Labels: security
> Fix For: 3.1.14, 3.2.1
>
> Attachments: catalina.out, service-client.war
>
>
> In Apache CXF v3.1.7, I have a JAX-WS web service client calling a service
> that requires a HolderOfKey SAML Assertion. The assertions are from a custom
> service that does not adhere to the WS-Trust SecureTokenService standard, so
> I am adding them manually in a SAMLCallbackHandler, using the
> callback.setAssertionElement() method.
> When invoking the client, the WSS4J framework is unable to compute the
> signature for the SecurityTokenReference header block, throwing the below
> error:
> {{
> javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.dsig.TransformException: org.apache.wss4j.common.ext.WSSecurityException: Referenced token "id-of-SAML-assertion" not found
> at org.apache.wss4j.dom.str.STRParserUtil.getTokenElement(StrParserUtil.java:314)
> at org.apache.wss4j.dom.transform.STRTransformUtil.dereferenceSTR(STRTransformUtil.java:98)
> at org.apache.wss4j.dom.transform.STRTransform.transformIt(STRTransform.java:195)}}
> It appears that the SAML assertion DOM Element that is added via the
> callback.setAssertionElement() method is not getting searched by the
> STRParserUtil.getTokenElement() method.
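The fix suggested in the comment above, as an added policy sketch that is not taken from the issue, its attachments or CXF. It assumes the two SignedElements assertions sat in separate wsp:ExactlyOne alternatives; the XPath expressions, the `example` namespace and the wsu:Id values are constructed placeholders.

```xml
<!-- Constructed example: XPath values, the "example" namespace and the
     wsu:Id names are placeholders, not the reporter's actual policy. -->

<!-- Before: each SignedElements sits in its own alternative. Children of
     wsp:ExactlyOne are alternatives, so only one of them is selected and
     the XPath in the other alternative is not applied. -->
<wsp:Policy wsu:Id="SignedElementsAsAlternatives"
    xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
    xmlns:example="urn:example:constructed">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SignedElements>
        <sp:XPath>//example:FirstElement</sp:XPath>
      </sp:SignedElements>
    </wsp:All>
    <wsp:All>
      <sp:SignedElements>
        <sp:XPath>//example:SecondElement</sp:XPath>
      </sp:SignedElements>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

<!-- After: one SignedElements assertion carries every XPath expression,
     so there is a single alternative and all listed elements are covered. -->
<wsp:Policy wsu:Id="SignedElementsCombined"
    xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
    xmlns:example="urn:example:constructed">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SignedElements>
        <sp:XPath>//example:FirstElement</sp:XPath>
        <sp:XPath>//example:SecondElement</sp:XPath>
      </sp:SignedElements>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
```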